'Agent Smith' malware affects 15 million Android smartphones in India: Check Point Research

A mobile malware named ‘Agent Smith’ has infected 25 million Android devices globally, including 15 million in India. This malware replaces installed apps with malicious versions without user’s knowledge, claimed Check Point Research.

Check Point Research is the threat intelligence arm of cyber security solutions provider Check Point Software. “Check Point Research has discovered a new variant of mobile malware that has quietly infected around 25 million devices, including 15 million mobile devices in India,” it said in a statement. The company worked closely with Google, and now claims that no malicious apps remain on the Play Store.

Disguised as a Google-related application, the malware exploits known Android vulnerabilities. As per the report, it then automatically replaces installed apps with malicious versions without users’ knowledge or interaction. The report further said that the malware mostly targeted Hindi, Arabic, Russian, Indonesian speaking users.

“So far, the primary victims are based in India though other Asian countries such as Pakistan and Bangladesh have also been impacted. There has also been a noticeable number of infected devices in the UK, Australia and the US,”Check Point Research added.

Check Point claimed that the malware currently uses broad access to the devices’ resources to show fraudulent ads for financial gain. The company further warned that the malware could easily be used for far more harmful purposes. These include banking credential theft and eavesdropping among others.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich. Shimonovich is the Head of Mobile Threat Detection Research at Check Point Software Technologies, said.

Users should only download apps from trusted app stores to mitigate the risk of infection. Especially since third-party app stores often lack the security measures required to block adware loaded apps.